From 698a18e7a5a7b1ec3fdf7e9bd746ff3ab7e8c461 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 8 Oct 2019 15:02:30 +0200 Subject: [PATCH] android: Allow configuration of client identity for all authentication types This replaces the drop-down box to select certificate identities with a text field (in the advanced settings) with auto-completion for SANs contained in the certificate. The field is always shown and allows using an IKE identity different from the username for EAP authentication (e.g. to configure a more complete identity to select a specific config on the server). Fixes #3134. --- .../android/ui/VpnProfileDetailActivity.java | 42 +++++-------------- .../adapter/CertificateIdentitiesAdapter.java | 17 +------- .../android/ui/adapter/VpnProfileAdapter.java | 18 ++++---- .../main/res/layout/profile_detail_view.xml | 32 +++++++------- .../app/src/main/res/values-de/strings.xml | 6 +-- .../app/src/main/res/values-pl/strings.xml | 6 +-- .../app/src/main/res/values-ru/strings.xml | 6 +-- .../app/src/main/res/values-ua/strings.xml | 6 +-- .../src/main/res/values-zh-rCN/strings.xml | 6 +-- .../src/main/res/values-zh-rTW/strings.xml | 6 +-- .../app/src/main/res/values/strings.xml | 6 +-- 11 files changed, 61 insertions(+), 90 deletions(-) diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java index 94bb21c383..eaed550111 100644 --- a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java +++ b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java @@ -90,7 +90,6 @@ public class VpnProfileDetailActivity extends AppCompatActivity private TrustedCertificateEntry mCertEntry; private String mUserCertLoading; private CertificateIdentitiesAdapter mSelectUserIdAdapter; - private String mSelectedUserId; private TrustedCertificateEntry mUserCertEntry; private VpnType mVpnType = VpnType.IKEV2_EAP; private SelectedAppsHandling mSelectedAppsHandling = SelectedAppsHandling.SELECTED_APPS_DISABLE; @@ -107,7 +106,6 @@ public class VpnProfileDetailActivity extends AppCompatActivity private EditText mPassword; private ViewGroup mUserCertificate; private RelativeLayout mSelectUserCert; - private Spinner mSelectUserId; private CheckBox mCheckAuto; private RelativeLayout mSelectCert; private RelativeLayout mTncNotice; @@ -115,6 +113,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity private ViewGroup mAdvancedSettings; private MultiAutoCompleteTextView mRemoteId; private TextInputLayoutHelper mRemoteIdWrap; + private MultiAutoCompleteTextView mLocalId; + private TextInputLayoutHelper mLocalIdWrap; private EditText mMTU; private TextInputLayoutHelper mMTUWrap; private EditText mPort; @@ -170,7 +170,6 @@ public class VpnProfileDetailActivity extends AppCompatActivity mUserCertificate = (ViewGroup)findViewById(R.id.user_certificate_group); mSelectUserCert = (RelativeLayout)findViewById(R.id.select_user_certificate); - mSelectUserId = (Spinner)findViewById(R.id.select_user_id); mCheckAuto = (CheckBox)findViewById(R.id.ca_auto); mSelectCert = (RelativeLayout)findViewById(R.id.select_certificate); @@ -180,6 +179,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity mRemoteId = (MultiAutoCompleteTextView)findViewById(R.id.remote_id); mRemoteIdWrap = (TextInputLayoutHelper) findViewById(R.id.remote_id_wrap); + mLocalId = findViewById(R.id.local_id); + mLocalIdWrap = findViewById(R.id.local_id_wrap); mDnsServers = findViewById(R.id.dns_servers); mDnsServersWrap = findViewById(R.id.dns_servers_wrap); mMTU = (EditText)findViewById(R.id.mtu); @@ -216,6 +217,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity final SpaceTokenizer spaceTokenizer = new SpaceTokenizer(); mName.setTokenizer(spaceTokenizer); mRemoteId.setTokenizer(spaceTokenizer); + mLocalId.setTokenizer(spaceTokenizer); final ArrayAdapter gatewayAdapter = new ArrayAdapter<>(this, android.R.layout.simple_dropdown_item_1line); mName.setAdapter(gatewayAdapter); mRemoteId.setAdapter(gatewayAdapter); @@ -280,23 +282,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity mSelectUserCert.setOnClickListener(new SelectUserCertOnClickListener()); mSelectUserIdAdapter = new CertificateIdentitiesAdapter(this); - mSelectUserId.setAdapter(mSelectUserIdAdapter); - mSelectUserId.setOnItemSelectedListener(new OnItemSelectedListener() { - @Override - public void onItemSelected(AdapterView parent, View view, int position, long id) - { - if (mUserCertEntry != null) - { /* we don't store the subject DN as it is in the reverse order and the default anyway */ - mSelectedUserId = position == 0 ? null : mSelectUserIdAdapter.getItem(position); - } - } - - @Override - public void onNothingSelected(AdapterView parent) - { - mSelectedUserId = null; - } - }); + mLocalId.setAdapter(mSelectUserIdAdapter); mCheckAuto.setOnCheckedChangeListener(new OnCheckedChangeListener() { @Override @@ -384,10 +370,6 @@ public class VpnProfileDetailActivity extends AppCompatActivity { outState.putString(VpnProfileDataSource.KEY_USER_CERTIFICATE, mUserCertEntry.getAlias()); } - if (mSelectedUserId != null) - { - outState.putString(VpnProfileDataSource.KEY_LOCAL_ID, mSelectedUserId); - } if (mCertEntry != null) { outState.putString(VpnProfileDataSource.KEY_CERTIFICATE, mCertEntry.getAlias()); @@ -455,10 +437,10 @@ public class VpnProfileDetailActivity extends AppCompatActivity mUsernamePassword.setVisibility(mVpnType.has(VpnTypeFeature.USER_PASS) ? View.VISIBLE : View.GONE); mUserCertificate.setVisibility(mVpnType.has(VpnTypeFeature.CERTIFICATE) ? View.VISIBLE : View.GONE); mTncNotice.setVisibility(mVpnType.has(VpnTypeFeature.BYOD) ? View.VISIBLE : View.GONE); + mLocalIdWrap.setHelperText(getString(R.string.profile_local_id_hint_user)); if (mVpnType.has(VpnTypeFeature.CERTIFICATE)) { - mSelectUserId.setEnabled(false); if (mUserCertLoading != null) { ((TextView)mSelectUserCert.findViewById(android.R.id.text1)).setText(mUserCertLoading); @@ -470,8 +452,6 @@ public class VpnProfileDetailActivity extends AppCompatActivity ((TextView)mSelectUserCert.findViewById(android.R.id.text1)).setText(mUserCertEntry.getAlias()); ((TextView)mSelectUserCert.findViewById(android.R.id.text2)).setText(mUserCertEntry.getCertificate().getSubjectDN().toString()); mSelectUserIdAdapter.setCertificate(mUserCertEntry); - mSelectUserId.setSelection(mSelectUserIdAdapter.getPosition(mSelectedUserId)); - mSelectUserId.setEnabled(true); } else { @@ -479,6 +459,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity ((TextView)mSelectUserCert.findViewById(android.R.id.text2)).setText(R.string.profile_user_select_certificate); mSelectUserIdAdapter.setCertificate(null); } + mLocalIdWrap.setHelperText(getString(R.string.profile_local_id_hint_cert)); } } @@ -580,7 +561,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity mProfile.getIncludedSubnets() != null || mProfile.getExcludedSubnets() != null || mProfile.getSelectedAppsHandling() != SelectedAppsHandling.SELECTED_APPS_DISABLE || mProfile.getIkeProposal() != null || mProfile.getEspProposal() != null || - mProfile.getDnsServers() != null; + mProfile.getDnsServers() != null || mProfile.getLocalId() != null; } mShowAdvanced.setVisibility(!show ? View.VISIBLE : View.GONE); mAdvancedSettings.setVisibility(show ? View.VISIBLE : View.GONE); @@ -717,11 +698,11 @@ public class VpnProfileDetailActivity extends AppCompatActivity if (mVpnType.has(VpnTypeFeature.CERTIFICATE)) { mProfile.setUserCertificateAlias(mUserCertEntry.getAlias()); - mProfile.setLocalId(mSelectedUserId); } String certAlias = mCheckAuto.isChecked() ? null : mCertEntry.getAlias(); mProfile.setCertificateAlias(certAlias); mProfile.setRemoteId(getString(mRemoteId)); + mProfile.setLocalId(getString(mLocalId)); mProfile.setMTU(getInteger(mMTU)); mProfile.setPort(getInteger(mPort)); mProfile.setNATKeepAlive(getInteger(mNATKeepalive)); @@ -767,6 +748,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity mUsername.setText(mProfile.getUsername()); mPassword.setText(mProfile.getPassword()); mRemoteId.setText(mProfile.getRemoteId()); + mLocalId.setText(mProfile.getLocalId()); mMTU.setText(mProfile.getMTU() != null ? mProfile.getMTU().toString() : null); mPort.setText(mProfile.getPort() != null ? mProfile.getPort().toString() : null); mNATKeepalive.setText(mProfile.getNATKeepAlive() != null ? mProfile.getNATKeepAlive().toString() : null); @@ -803,12 +785,10 @@ public class VpnProfileDetailActivity extends AppCompatActivity /* check if the user selected a user certificate previously */ useralias = savedInstanceState == null ? useralias : savedInstanceState.getString(VpnProfileDataSource.KEY_USER_CERTIFICATE); - local_id = savedInstanceState == null ? local_id : savedInstanceState.getString(VpnProfileDataSource.KEY_LOCAL_ID); if (useralias != null) { UserCertificateLoader loader = new UserCertificateLoader(this, useralias); mUserCertLoading = useralias; - mSelectedUserId = local_id; loader.execute(); } diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/adapter/CertificateIdentitiesAdapter.java b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/adapter/CertificateIdentitiesAdapter.java index c8e3df38b4..912f524413 100644 --- a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/adapter/CertificateIdentitiesAdapter.java +++ b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/adapter/CertificateIdentitiesAdapter.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2016-2019 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -16,17 +16,10 @@ package org.strongswan.android.ui.adapter; import android.content.Context; -import android.view.LayoutInflater; -import android.view.View; -import android.view.ViewGroup; import android.widget.ArrayAdapter; -import android.widget.TextView; -import org.strongswan.android.R; import org.strongswan.android.security.TrustedCertificateEntry; -import java.util.List; - public class CertificateIdentitiesAdapter extends ArrayAdapter { TrustedCertificateEntry mCertificate; @@ -51,14 +44,8 @@ public class CertificateIdentitiesAdapter extends ArrayAdapter private void extractIdentities() { - if (mCertificate == null) - { - add(getContext().getString(R.string.profile_user_select_id_init)); - } - else + if (mCertificate != null) { - add(String.format(getContext().getString(R.string.profile_user_select_id_default), - mCertificate.getCertificate().getSubjectDN().getName())); addAll(mCertificate.getSubjectAltNames()); } } diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/adapter/VpnProfileAdapter.java b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/adapter/VpnProfileAdapter.java index f1ff1c6f81..d9201747a3 100644 --- a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/adapter/VpnProfileAdapter.java +++ b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/adapter/VpnProfileAdapter.java @@ -17,14 +17,6 @@ package org.strongswan.android.ui.adapter; -import java.util.Collections; -import java.util.Comparator; -import java.util.List; - -import org.strongswan.android.R; -import org.strongswan.android.data.VpnProfile; -import org.strongswan.android.data.VpnType.VpnTypeFeature; - import android.content.Context; import android.view.LayoutInflater; import android.view.View; @@ -32,6 +24,14 @@ import android.view.ViewGroup; import android.widget.ArrayAdapter; import android.widget.TextView; +import org.strongswan.android.R; +import org.strongswan.android.data.VpnProfile; +import org.strongswan.android.data.VpnType.VpnTypeFeature; + +import java.util.Collections; +import java.util.Comparator; +import java.util.List; + public class VpnProfileAdapter extends ArrayAdapter { private final int resource; @@ -74,7 +74,7 @@ public class VpnProfileAdapter extends ArrayAdapter profile.getLocalId() != null) { tv.setVisibility(View.VISIBLE); - tv.setText(getContext().getString(R.string.profile_user_select_id_label) + ": " + profile.getLocalId()); + tv.setText(getContext().getString(R.string.profile_local_id_label) + ": " + profile.getLocalId()); } else { diff --git a/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml b/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml index 0adbe6efdb..acab0b2f1b 100644 --- a/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml +++ b/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml @@ -73,6 +73,7 @@ android:id="@+id/username_wrap" android:layout_width="match_parent" android:layout_height="wrap_content" + android:layout_marginTop="4dp" android:hint="@string/profile_username_label" > - - - - + + + + + + Benutzer-Zertifikat Benutzer-Zertifikat auswählen Wählen Sie ein bestimmtes Benutzer-Zertifikat - Benutzer-Identität - Wählen Sie zuerst ein Benutzer-Zertifikat - Standardwert (%1$s) CA-Zertifikat Automatisch wählen CA-Zertifikat auswählen @@ -85,6 +82,9 @@ Server-Identität Standardwert ist der konfigurierte Server. Eigene Werte werden explizit an den Server gesendet und während der Authentifizierung erzwungen Standardwert ist \"%1$s\". Eigene Werte werden explizit an den Server gesendet und während der Authentifizierung erzwungen + Client-Identität + Standardwert ist der konfigurierte Benutzername. Eigene Werte können verwendet werden, falls der Server diese erwartet/benötigt + Standardwert ist die Inhaber-Identität des Zertifkats. Eigene Werte können verwendet werden, falls der Server diese erwartet/benötigt. Zu beachten ist, dass diese üblicherweise vom Zertifikat bestätigt werden müssen (für die alternativen Identitäten des Zertifikats, falls vorhanden, wird eine Auto-Vervollständigung angeboten) DNS Server Benutzerdefinierte DNS Server bei Verbindung zum VPN (mit Leerzeichen getrennt, z.B.. \"8.8.8.8 2001:4860:4860::8888\"), standardmässig werden die vom VPN Server erhaltenen Server verwendet MTU des VPN Tunnel-Device diff --git a/src/frontends/android/app/src/main/res/values-pl/strings.xml b/src/frontends/android/app/src/main/res/values-pl/strings.xml index 90523be5a3..6f4716ba84 100644 --- a/src/frontends/android/app/src/main/res/values-pl/strings.xml +++ b/src/frontends/android/app/src/main/res/values-pl/strings.xml @@ -73,9 +73,6 @@ Certyfikat użytkownika Wybierz certyfikat użytkownika >Wybierz określony certyfikat użytkownika - User identity - Select a certificate first - Default (%1$s) Certyfikat CA Wybierz automatycznie Wybierz certyfikat CA @@ -85,6 +82,9 @@ Server identity Defaults to the configured server. Custom values are explicitly sent to the server and enforced during authentication Defaults to \"%1$s\". Custom values are explicitly sent to the server and enforced during authentication + Client identity + Defaults to the configured username. Custom values may be used if expected/required by the server + Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any) DNS servers Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server MTU of the VPN tunnel device diff --git a/src/frontends/android/app/src/main/res/values-ru/strings.xml b/src/frontends/android/app/src/main/res/values-ru/strings.xml index c6a38de9d6..5def66df8b 100644 --- a/src/frontends/android/app/src/main/res/values-ru/strings.xml +++ b/src/frontends/android/app/src/main/res/values-ru/strings.xml @@ -70,9 +70,6 @@ Сертификат пользователя Выбрать сертификат пользователя Выбрать сертификат пользователя - User identity - Select a certificate first - Default (%1$s) Сертификат CA Выбрать автоматически Выбрать сертификат CA @@ -82,6 +79,9 @@ Server identity Defaults to the configured server. Custom values are explicitly sent to the server and enforced during authentication Defaults to \"%1$s\". Custom values are explicitly sent to the server and enforced during authentication + Client identity + Defaults to the configured username. Custom values may be used if expected/required by the server + Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any) DNS servers Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server MTU of the VPN tunnel device diff --git a/src/frontends/android/app/src/main/res/values-ua/strings.xml b/src/frontends/android/app/src/main/res/values-ua/strings.xml index b133525f65..4920aa2385 100644 --- a/src/frontends/android/app/src/main/res/values-ua/strings.xml +++ b/src/frontends/android/app/src/main/res/values-ua/strings.xml @@ -71,9 +71,6 @@ Сертифікат користувача Виберіть сертифікат користувача Вибрати спеціальний сертифікат користувача - User identity - Select a certificate first - Default (%1$s) Сертифікат CA Вибрати автоматично Вибрати сертифікат CA @@ -83,6 +80,9 @@ Server identity Defaults to the configured server. Custom values are explicitly sent to the server and enforced during authentication Defaults to \"%1$s\". Custom values are explicitly sent to the server and enforced during authentication + Client identity + Defaults to the configured username. Custom values may be used if expected/required by the server + Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any) DNS servers Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server MTU of the VPN tunnel device diff --git a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml index 3594391511..3408f5f55f 100644 --- a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml +++ b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml @@ -70,9 +70,6 @@ 用户证书 选择用户证书 选择指定的用户证书 - 用户ID - 首先选择一个证书 - 默认(%1$s) CA证书 自动选择 选择CA证书 @@ -82,6 +79,9 @@ 服务器ID 默认为已配置的服务器地址。自义定值将在鉴权期间被显式地发送至服务器 默认为 \"%1$s\"。自义定值将在鉴权期间被显式地发送至服务器 + Client identity + Defaults to the configured username. Custom values may be used if expected/required by the server + Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any) DNS servers Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server VPN隧道设备的MTU值 diff --git a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml index 2330283c09..e3d7f03616 100644 --- a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml +++ b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml @@ -70,9 +70,6 @@ 用戶憑證 選擇用戶憑證 選擇指定的用戶憑證 - 用戶帳號 - 請先選擇一個憑證 - 預設(%1$s) CA憑證 自動選擇 選擇CA憑證 @@ -82,6 +79,9 @@ 伺服器ID 預設為已設定的伺服器位置。自訂值會在授權期間送到伺服器 預設為 \"%1$s\"。自訂值會在授權期間送到伺服器 + Client identity + Defaults to the configured username. Custom values may be used if expected/required by the server + Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any) DNS servers Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server VPN通道裝置的MTU值 diff --git a/src/frontends/android/app/src/main/res/values/strings.xml b/src/frontends/android/app/src/main/res/values/strings.xml index 243231609d..4d9fd879f2 100644 --- a/src/frontends/android/app/src/main/res/values/strings.xml +++ b/src/frontends/android/app/src/main/res/values/strings.xml @@ -73,9 +73,6 @@ User certificate Select user certificate Select a specific user certificate - User identity - Select a certificate first - Default (%1$s) CA certificate Select automatically Select CA certificate @@ -85,6 +82,9 @@ Server identity Defaults to the configured server. Custom values are explicitly sent to the server and enforced during authentication Defaults to \"%1$s\". Custom values are explicitly sent to the server and enforced during authentication + Client identity + Defaults to the configured username. Custom values may be used if expected/required by the server + Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any) DNS servers Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server MTU of the VPN tunnel device -- 2.47.2